d4708/qBittorrent
1
0
Fork 0
mirror of https://github.com/d47081/qBittorrent.git synced 2025-01-11 15:27:54 +00:00
Code Issues Projects Releases Wiki Activity
8,081 Commits 4 Branches 2 Tags 149 MiB
4940a77d12
Commit Graph

41 Commits

Author SHA1 Message Date
Chocobo1
4940a77d12
[WebUI]: Print error messages upon receiving invalid header fields 2017-10-18 20:11:53 +08:00
Chocobo1
9ef1e32327
WebAPI: fix validating wrong header field. Closes #7311. 
X-Forwarded-Host is a foreign proxy setting, it isn't the same as
qbt's local setting and thus it makes no sense to verify it.
 2017-08-20 22:40:19 +08:00
Vladimir Golovnev (qlassez)
cff6a64e9f
Use qUtf8Printable() for logging strings 
qDebug(), qInfo(), qWarning(), qCritical(), qFatal() expect %s arguments
to be UTF-8 encoded, while qPrintable() converts to local 8-bit encoding.
Therefore qUtf8Printable() should be used for logging strings instead of
qPrintable().
 2017-08-13 16:14:57 +03:00
Chocobo1
07780b48c5 Load the domain list at least once on startup. 
Fixup of 0532d546d7
 2017-07-13 00:41:30 +08:00
Chocobo1
0532d546d7
Implement HTTP host header filtering 
This filtering is required to defend against DNS rebinding attack.
 2017-07-12 17:26:13 +03:00
Chocobo1
18651c8d01
Use Qt5 connect syntax 2017-07-12 17:26:11 +03:00
Chocobo1
55e038b165
Avoid modifing request headers 2017-07-12 17:26:05 +03:00
Chocobo1
cdb8f4bc61 [WebUI] relax CSRF defense. Closes #6882. 
Allow HTTP request which has neither Origin nor Referer header included
 2017-06-02 21:16:06 +08:00
Chocobo1
087856d3d8
[WebUI]: Implement CSRF defense 
Bump API version
 2017-06-01 19:37:57 +03:00
Chocobo1
f35a5c8085 [WebUI] Make cookie parsing robust 
Previously cookie name such as "<any string>SID" will be mistakenly
accepted as "SID" session ID, this commit fixes it.

Use QString::isEmpty()
 2017-05-25 18:45:07 +08:00
Thomas Piccirello
1b5852ad0b Use less permissive Content Security Policy 
Adjust content order
 2017-05-14 20:26:15 -04:00
sledgehammer999
e177799ada
[WebUI]Make the context obligatory for translatable strings. Also delete duplicate strings from extra translations. 2017-05-05 03:46:33 +03:00
Eugene Shalygin
c4e16aa820 cmake: set warning and error options 
The set is far from perfect, but guards against common errors with GCC.
 2017-04-29 13:30:28 +02:00
sledgehammer999
018574e546 Merge pull request #6475 from OpenGG/master 
[WebUI-API] Add "skip_checking" and "paused" to "/command/download" and "/command/upload"
 2017-04-17 17:12:24 +03:00
opengg
b271fa9f00 [WebUI] Add skip_checking and paused to /command/download and /command/upload 2017-03-31 14:05:19 +08:00
Chocobo1
272d53fdf8 Set cookie SID value to empty on logout 
Set cookie SID expiration date to 1 day in the past on logout
 2017-03-22 17:22:10 +08:00
Chocobo1
4e48408eaa Fire up the timer to clean inactive sessions 2017-03-22 17:21:10 +08:00
Chocobo1
e26b30a5f4 Refactor: initialize class variable directly 2017-03-22 17:20:28 +08:00
Chocobo1
e9bd75f4e1 Set HttpOnly attribute to SID cookie 2017-03-21 15:24:41 +08:00
Chocobo1
cb1646be32 Prepend QBT_ for preprocessor variables 2017-03-06 13:41:58 +08:00
Eugene Shalygin
e64bb1de8c Drop Qt 4 support 2017-03-05 22:24:59 +01:00
Chocobo1
7756dd80f3
[WebUI]: add X-XSS-Protection, X-Content-Type-Options, CSP header 2017-03-03 21:28:28 +02:00
ngosang
f5ad04766f
[WebUI] Avoid clickjacking attacks 2017-03-03 21:28:27 +02:00
Chocobo1
511796f74e Replace rand() by a true uniform distribution generator 2017-02-16 12:21:26 +08:00
buinsky
134e4c1eb9 Add some missing columns to dynamic tables 2017-01-21 15:57:02 +03:00
Chocobo1
cffa729ac5 Put temp files in .qBittorrent directory. Closes #4462. 2016-12-01 01:39:27 +08:00
Vladimir Golovnev (Glassez)
dd34663224 Implement Advanced Saving Management subsystem 
Closes #4696
 2016-03-04 19:59:53 +03:00
Vladimir Golovnev (Glassez)
ea8acf3bbd Fix unitialized scalar field bugs 2016-01-15 09:44:10 +03:00
buinsky
f961fd6a7c WebUI: Repair translation 2016-01-09 12:04:27 +03:00
buinsky
b10f04abbd WebUI: Show filtered torrents number 2015-12-07 23:27:45 +03:00
Vladimir Golovnev (Glassez)
9db93e5d8f Rename Core to Base (Closes #3733). 2015-12-06 14:27:00 +03:00
sledgehammer999
17ac4b90be Use simpler DEFINE for detecting Qt5 so moc will work too. 2015-12-05 22:20:49 +02:00
Chocobo1
8bb2e98b90 Fix localhost address (::ffff:127.0.0.1) is not recognized when connecting to WebUI 2015-07-19 14:48:58 +08:00
Vladimir Golovnev (Glassez)
d32bb52390 Don't add core to INCLUDEPATH. 2015-06-03 22:11:43 +03:00
ngosang
dcdb319653 Web UI: Complete translatable strings 2015-05-23 20:35:25 +02:00
ngosang
c5ce99ebec Web UI: Changes in title bar 2015-05-23 19:20:04 +02:00
sledgehammer999
d14805d065 Merge pull request #2863 from racam/master 
login.html escape quotes + add qbittorrent-nox to gitignore + bug with startup info with qbittorrent-nox
 2015-05-02 23:09:10 +03:00
racam
d7ac142885 Enhancement of the webui preference and of the quote escape for javascript 2015-05-01 21:59:36 +02:00
Gabriele
8017680055 WebUI: create a new session for each user 
Closes #2919.
 2015-04-29 16:13:43 +02:00
Vladimir Golovnev (Glassez)
898d454b78 Follow project coding style (Issue #2192). 2015-02-08 20:38:04 +03:00
Vladimir Golovnev (Glassez)
2707f5205f Fix prefjson::setPreferences() doesn't actually save. 2015-02-08 19:44:56 +03:00